ENH: hardened added dropbear failregex to avoid trailing .* and enclose username in ''

11 years ago · 4e0ddc5f67
1 changed files with 1 additions and 1 deletions
--- a/config/filter.d/dropbear.conf
+++ b/config/filter.d/dropbear.conf
@ -29,7 +29,7 @@ _daemon = dropbear
 #
 failregex = ^%(__prefix_line)s(L|l)ogin attempt for nonexistent user ('.*' )?from <HOST>:.*\s*$
            ^%(__prefix_line)s(B|b)ad password attempt for .+ from <HOST>:.*\s*$
-            ^%(__prefix_line)sExit before auth \(user .+, \d+ fails\): Max auth tries reached - user .+ from <HOST>:.*\s*$
+            ^%(__prefix_line)sExit before auth \(user '.+', \d+ fails\): Max auth tries reached - user '.+' from <HOST>:\d+\s*$

 # The only line we need to match with the modified dropbear.